๐จ CVE-2023-38047
A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to fetch, modify or delete the category of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to fetch, modify or delete the category of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
GitHub
GitHub - alextselegidis/easyappointments: :date: Easy!Appointments - Self Hosted Appointment Scheduler
:date: Easy!Appointments - Self Hosted Appointment Scheduler - alextselegidis/easyappointments
๐จ CVE-2023-38048
A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
GitHub
GitHub - alextselegidis/easyappointments: :date: Easy!Appointments - Self Hosted Appointment Scheduler
:date: Easy!Appointments - Self Hosted Appointment Scheduler - alextselegidis/easyappointments
๐จ CVE-2023-38049
A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
GitHub
GitHub - alextselegidis/easyappointments: :date: Easy!Appointments - Self Hosted Appointment Scheduler
:date: Easy!Appointments - Self Hosted Appointment Scheduler - alextselegidis/easyappointments
๐จ CVE-2023-38051
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user to fetch, modify or delete a low privileged user (secretary). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user to fetch, modify or delete a low privileged user (secretary). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
GitHub
GitHub - alextselegidis/easyappointments: :date: Easy!Appointments - Self Hosted Appointment Scheduler
:date: Easy!Appointments - Self Hosted Appointment Scheduler - alextselegidis/easyappointments
๐จ CVE-2023-38052
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
GitHub
GitHub - alextselegidis/easyappointments: :date: Easy!Appointments - Self Hosted Appointment Scheduler
:date: Easy!Appointments - Self Hosted Appointment Scheduler - alextselegidis/easyappointments
๐จ CVE-2023-38054
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
GitHub
GitHub - alextselegidis/easyappointments: :date: Easy!Appointments - Self Hosted Appointment Scheduler
:date: Easy!Appointments - Self Hosted Appointment Scheduler - alextselegidis/easyappointments
๐จ CVE-2023-38055
A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
GitHub
GitHub - alextselegidis/easyappointments: :date: Easy!Appointments - Self Hosted Appointment Scheduler
:date: Easy!Appointments - Self Hosted Appointment Scheduler - alextselegidis/easyappointments
๐จ CVE-2024-42766
Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorrect Access Control via /deleteTicket.php.
๐@cveNotify
Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorrect Access Control via /deleteTicket.php.
๐@cveNotify
GitHub
CVE_Writeup/Kashipara/Bus Ticket Reservation System v1.0/Broken Access Control - Delete Bookings.pdf at main ยท takekaramey/CVE_Writeup
Contribute to takekaramey/CVE_Writeup development by creating an account on GitHub.
๐จ CVE-2024-44381
D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function.
๐@cveNotify
D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function.
๐@cveNotify
GitHub
pocs/dlink_DI8004W.md at main ยท GroundCTL2MajorTom/pocs
Contribute to GroundCTL2MajorTom/pocs development by creating an account on GitHub.
๐จ CVE-2024-44382
D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function.
๐@cveNotify
D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function.
๐@cveNotify
GitHub
pocs/dlink_DI8004W.md at main ยท GroundCTL2MajorTom/pocs
Contribute to GroundCTL2MajorTom/pocs development by creating an account on GitHub.
๐จ CVE-2023-4972
Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users.This issue affects all versions. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users.This issue affects all versions. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
๐จ CVE-2023-5983
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Botanik Software Pharmacy Automation allows Retrieve Embedded Sensitive Data.This issue affects Pharmacy Automation: before 2.1.133.0.
๐@cveNotify
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Botanik Software Pharmacy Automation allows Retrieve Embedded Sensitive Data.This issue affects Pharmacy Automation: before 2.1.133.0.
๐@cveNotify
๐จ CVE-2023-4993
Improper Privilege Management vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users.This issue affects SoliPay Mobile App: before 5.0.8.
๐@cveNotify
Improper Privilege Management vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users.This issue affects SoliPay Mobile App: before 5.0.8.
๐@cveNotify
๐จ CVE-2024-25381
There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content.
๐@cveNotify
There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content.
๐@cveNotify
GitHub
CVE-2024-25381/description at main ยท OoO7ce/CVE-2024-25381
Contribute to OoO7ce/CVE-2024-25381 development by creating an account on GitHub.
๐จ CVE-2024-29338
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2.
๐@cveNotify
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2.
๐@cveNotify
๐จ CVE-2023-52342
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed
๐@cveNotify
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed
๐@cveNotify
๐จ CVE-2024-36081
Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network.
๐@cveNotify
Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network.
๐@cveNotify
๐จ CVE-2024-31756
An issue in MarvinTest Solutions Hardware Access Driver v.5.0.3.0 and before and fixed in v.5.0.4.0 allows a local attacker to escalate privileges via the Hw65.sys component.
๐@cveNotify
An issue in MarvinTest Solutions Hardware Access Driver v.5.0.3.0 and before and fixed in v.5.0.4.0 allows a local attacker to escalate privileges via the Hw65.sys component.
๐@cveNotify
๐จ CVE-2022-45171
An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without restrictions.
๐@cveNotify
An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without restrictions.
๐@cveNotify
www.gruppotim.it
Vulnerability Research & Advisor
๐จ CVE-2023-38050
A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to fetch, modify or delete a webhook of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to fetch, modify or delete a webhook of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
GitHub
GitHub - alextselegidis/easyappointments: :date: Easy!Appointments - Self Hosted Appointment Scheduler
:date: Easy!Appointments - Self Hosted Appointment Scheduler - alextselegidis/easyappointments
๐จ CVE-2023-38053
A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the settings of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the settings of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
GitHub
GitHub - alextselegidis/easyappointments: :date: Easy!Appointments - Self Hosted Appointment Scheduler
:date: Easy!Appointments - Self Hosted Appointment Scheduler - alextselegidis/easyappointments